Researchers at BAE just reported on a Mac bot known as OSX/Agent-ANTU that was allegedly distributed in a novel way.

The crooks used a security hole in a controversial Mac security and cleanup utility called MacKeeper.

MacKeeper quickly patched the hole after it became known, but until you received the update you were at risk of a Remote Code Execution (RCE) hole.

As long as you were unpatched, a crook could simply entice or redirect you to a poisoned website, and use a single line of JavaScript to send a command script to MacKeeper, which would then run it.

Unfortunately, according to BAE, some crooks struck while the iron was hot.

The crooks sent unpatched MacKeeper users to a web page that tricked their Macs into downloading the OSX/Agent-ANTU malware.

Here are some examples we've seen over the years where the Windows malware "playbook" has been followed, in some cases extremely effectively, on OS X:

2012: Java-based exploit. The Flashback malware was injected onto your Mac via an unpatched Java bug. Flashback was a bot, or zombie, meaning that crooks could remotely send it instructions to help them commit further cybercrime. Estimates suggest that more than 600,000 Macs ended up infected, supposedly including "274 from Cupertino."

2013: Word-based exploit. SophosLabs reported on attackers using an exploitable bug in Microsoft Word for Mac to target Chinese minority groups. If you opened a booby-trapped document, disguised as some sort of political commentary, the crooks got control of your Mac via zombie malware called OSX/Agent-AADL.

2014: Fake "undelivered item" documents. If you opened the bogus PDF file, really an application in disguise, you could end up infected with a data-stealing Trojan called OSX/LaoShu-A. Amongst other things, this one would find files such as documents, spreadsheets, presentations and archives...and send them to the crooks.

Researchers at BAE just reported on a Mac bot known as OSX/Agent-ANTU that was allegedly distributed in a novel way.

The crooks used a security hole in a controversial Mac security and cleanup utility called MacKeeper.

MacKeeper quickly patched the hole after it became known, but until you received the update you were at risk of a Remote Code Execution (RCE) hole.

As long as you were unpatched, a crook could simply entice or redirect you to a poisoned website, and use a single line of JavaScript to send a command script to MacKeeper, which would then run it.

Unfortunately, according to BAE, some crooks struck while the iron was hot.

The crooks sent unpatched MacKeeper users to a web page that tricked their Macs into downloading the OSX/Agent-ANTU malware.

Here are some examples we've seen over the years where the Windows malware "playbook" has been followed, in some cases extremely effectively, on OS X:

2012: Java-based exploit. The Flashback malware was injected onto your Mac via an unpatched Java bug. Flashback was a bot, or zombie, meaning that crooks could remotely send it instructions to help them commit further cybercrime. Estimates suggest that more than 600,000 Macs ended up infected, supposedly including "274 from Cupertino."

2013: Word-based exploit. SophosLabs reported on attackers using an exploitable bug in Microsoft Word for Mac to target Chinese minority groups. If you opened a booby-trapped document, disguised as some sort of political commentary, the crooks got control of your Mac via zombie malware called OSX/Agent-AADL.

2014: Fake "undelivered item" documents. If you opened the bogus PDF file, really an application in disguise, you could end up infected with a data-stealing Trojan called OSX/LaoShu-A. Amongst other things, this one would find files such as documents, spreadsheets, presentations and archives...and send them to the crooks.

So, if you haven't yet crossed the bridge and become a Mac anti-virus user, now would be a good time to give it a go.

“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.

“The bug can be used with a Safari or other remote vector to install an EFI rootkit without physical access [provided] a suspended happens in the current session … you could probably force the suspend and trigger this, all remotely. That’s pretty epic ownage.”

Apple has been contacted for comment.

Flash locks are removed when machines enter a sleep state for about 30 seconds or more, allowing attackers to update the flashrom contents from userland including EFI binaries.

Affected models include the MacBook Pro Retina, and Pro, and MacBook Airs, each running the latest EFI firmware updates.

Some of the latest machines are not affected leading Vilaça to think Apple is aware of the vulnerability.

“If they (Apple) indeed knew about the bug – because I don’t believe it’s a coincidence not working in latest machines – then they keep their pattern of not patching older versions,” he says.

“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.

“The bug can be used with a Safari or other remote vector to install an EFI rootkit without physical access [provided] a suspended happens in the current session … you could probably force the suspend and trigger this, all remotely. That’s pretty epic ownage.”

Apple has been contacted for comment.

Flash locks are removed when machines enter a sleep state for about 30 seconds or more, allowing attackers to update the flashrom contents from userland including EFI binaries.

Affected models include the MacBook Pro Retina, and Pro, and MacBook Airs, each running the latest EFI firmware updates.

Some of the latest machines are not affected leading Vilaça to think Apple is aware of the vulnerability.

“If they (Apple) indeed knew about the bug – because I don’t believe it’s a coincidence not working in latest machines – then they keep their pattern of not patching older versions,” he says.

It’s become almost axiomatic that Apple devices and the apps on them are more secure than the competition. But researchers continue to blow up that notion and today a group of academics have ripped apart the securityprotections in Mac OS X and iOS to show it’s not only possible to create malware and get it onto the App Store, but it’s also feasible to launch “devastating” attacks using rogue software to steal the most sensitive personal data around, from iCloud passwords and Evernote notes to dodgy selfies and more.

The attacks, known as unauthorized cross-app resource access or XARA, expose design flaws that allow a bad app to access critical pieces of data in other apps. As a result, Apple has struggled to fix the issues, according to apaper released today from Indiana University Bloomington, Peking University and the Georgia Institute of Technology.

It’s become almost axiomatic that Apple devices and the apps on them are more secure than the competition. But researchers continue to blow up that notion and today a group of academics have ripped apart the securityprotections in Mac OS X and iOS to show it’s not only possible to create malware and get it onto the App Store, but it’s also feasible to launch “devastating” attacks using rogue software to steal the most sensitive personal data around, from iCloud passwords and Evernote notes to dodgy selfies and more.

The attacks, known as unauthorized cross-app resource access or XARA, expose design flaws that allow a bad app to access critical pieces of data in other apps. As a result, Apple has struggled to fix the issues, according to apaper released today from Indiana University Bloomington, Peking University and the Georgia Institute of Technology.

"Note that all the attack apps were successfully released by the Apple Stores. So, the security threats are indeed realistic."So, it's a serious problem. And, as yet, not fixed.

The university researchers say that they first reported the vulnerability to Apple on October 15 2014, and contacted them again in November 2014 and early this year. They claimed that Apple told them that because of the complex nature of the security issue, six months' grace would be required to develop a solution.

Unfortunately, that fix has still not emerged and the researchers have chosen to go public with their findings.

For now, until a proper solution is discovered, the most secure approach might be to exercise caution about what apps you download onto your Macs and iOS devices, even if they are listed in the official iOS and Mac App Store — stick with apps from known developers.

Note that all the attack apps were successfully released by the Apple Stores. So, the security threats are indeed realistic."So, it's a serious problem. And, as yet, not fixed.

The university researchers say that they first reported the vulnerability to Apple on October 15 2014, and contacted them again in November 2014 and early this year. They claimed that Apple told them that because of the complex nature of the security issue, six months' grace would be required to develop a solution.

Unfortunately, that fix has still not emerged and the researchers have chosen to go public with their findings.

For now, until a proper solution is discovered, the most secure approach might be to exercise caution about what apps you download onto your Macs and iOS devices, even if they are listed in the official iOS and Mac App Store — stick with apps from known developers.

There is a vulnerability buried deep in the firmware of many Apple laptops that could allow an attacker to overwrite the machine’s BIOS and install a rootkit, gaining complete control of the Mac.

The vulnerability lies in the UEFI system on some older MacBooks, and researcher Pedro Vilaca discovered that after a MacBook is put to sleep and then brought back up, the machine’s low-level firmware is left unlocked.

There is a vulnerability buried deep in the firmware of many Apple laptops that could allow an attacker to overwrite the machine’s BIOS and install a rootkit, gaining complete control of the Mac.

The vulnerability lies in the UEFI system on some older MacBooks, and researcher Pedro Vilaca discovered that after a MacBook is put to sleep and then brought back up, the machine’s low-level firmware is left unlocked.

The researchers say that they first informed Apple of the problem in early October 2014, and that iOS 8.3 appears to resolve some of the issues they uncovered.

Chances are that this won’t be the last time that a serious denial of service flaw is found in iOS. Just last month, Apple released iOS 8.2 which fixed a flaw that allowed hackers to restart iPhones by sending them a maliciously-crafted Flash SMS.

No iOS Zone" denial-of-service vulnerability could lead to your iPhone or iPad constantly crashing.

The researchers say that they first informed Apple of the problem in early October 2014, and that iOS 8.3 appears to resolve some of the issues they uncovered.

Chances are that this won’t be the last time that a serious denial of service flaw is found in iOS. Just last month, Apple released iOS 8.2 which fixed a flaw that allowed hackers to restart iPhones by sending them a maliciously-crafted Flash SMS.

No iOS Zone" denial-of-service vulnerability could lead to your iPhone or iPad constantly crashing.

The researchers say that they first informed Apple of the problem in early October 2014, and that iOS 8.3 appears to resolve some of the issues they uncovered.

Chances are that this won’t be the last time that a serious denial of service flaw is found in iOS. Just last month, Apple released iOS 8.2 which fixed a flaw that allowed hackers to restart iPhones by sending them a maliciously-crafted Flash SMS.

Sharing your scoops to your social media accounts is a must to distribute your curated content. Not only will it drive traffic and leads through your content, but it will help show your expertise with your followers.

Integrating your curated content to your website or blog will allow you to increase your website visitors’ engagement, boost SEO and acquire new visitors. By redirecting your social media traffic to your website, Scoop.it will also help you generate more qualified traffic and leads from your curation work.

Distributing your curated content through a newsletter is a great way to nurture and engage your email subscribers will developing your traffic and visibility.
Creating engaging newsletters with your curated content is really easy.